Hlavní menu

DATA PROTECTION MEMORANDUM

ROCKAWAY WEBSITE

From:

Rockaway (as defined below), as data controller

To:

You, as data subject

Version:

1.0

Dearest reader,

Thank you for taking the time to visit www.rockawaycapital.com (the “website”). You should know that
some of your personal data may be processed when you browse and interact with the website. Therefore,
as its administrators, we consider it our highest priority to keep you well informed about how we treat such
data. This data protection memorandum (“Memo”) is intended to give you a full overview of how we process
your personal information from the moment you arrive at the website until you leave it, and beyond1.

1. WHAT PERSONAL DATA DO WE PROCESS?

If you take into account all the ways in which you can interact with the website (including the
sending of job applications and similar), then we may process the following categories of personal
data concerning you:

Category of Personal Data

Description

Processed Whenever You…

E-Behavior Details

This includes information about the way you
browse and interact with the website, such as
what you click on, how much time you spend
on the website and its sections, the type of the
device you use, and the IP address of such
device and the location determined based on
such address, as well as information obtained
from cookies and similar technologies.

… have the website open.

Identification Details

This includes in particular your name and date
of birth.

… contact us at our e-mail;

Contact Details

This includes in particular your contact
address, phone number and e-mail address.

If you’re applying for a job or an internship with us, this includes all data collected during
the recruitment process about your fitness for
the position applied for, your performance at
interviews, assessment centers and tests, and
your cover letter sent as part of your on-line
application. If you’re applying for an investment, this
includes all personal data concerning you
which you provide us in your cover letter or
other documents sent as part of your on-line
application.

This means any personal data concerning you
other than your Identification Details and
Contact Details included in any e-mail you
send us to one of the e-mail addresses stated
on the website.

… you contact us at our e-mail.

2. WHY DO WE PROCESS YOUR DATA AND WHAT ALLOWS US TO DO SO?

We collect and work with various personal data concerning you for multiple purposes (depending on
what you do on the website) —

without your prior consent, where this is necessary as a measure towards us reaching a legal
agreement with you, or to pursue our legitimate interests or fulfil our legal obligations; or

with your prior consent, but only for limited purposes when you apply for a job or an internship.

The sub-sections to follow go into more detail.

2.1 If You Browse the Website…

(a)Collection of E-Behavior Details (1): Cookies

Do you like cookies? Well, then you’ve come to the right place! If you visit the website, we’ll deposit
tiny files into your device called ‘cookies’. These enable us to map your activity on the website. Some
cookies disappear after you’ve left, while other ones stay put and reactivate each time you visit the
website. We also use so-called web beacons – tiny pictures embedded at various locations around
the website which have a function very similar to cookies. To not overcomplicate things, we’ll just
refer to all of the foregoing as ‘cookies’; similarly, we’ll just say we ‘store’ cookies on your device
even though technically we also read them, too. You should know that some (but not all) cookies
make you identifiable – not to us, but to network operators and similar – and therefore qualify as
personal data. To the extent they do, we classify them as E-Behavior Details processed based on
our legitimate interests (Art. 6(1)(f) GDPR) (see further below).

The first category of cookies which are stored on your device directly from the website helps us:

identify you when you switch among different sections of the website or when you leave and
revisit the website, e.g. to be able to remember which language version you’ve selected;

remember if you’ve given us your consent under this Memo, if applicable at the time you’re
reading this;

protect your identity, e.g. to ensure no one abuses your connection and passes themselves off
as yourself; and

record, analyze and remove defects on the website.

These cookies are necessary for the proper functioning of the website; you can disable them in your
browser settings, but in such case please note that it’s possible the website may not work correctly.

Also, we store a second category of cookies on your device which helps us:

monitor the popularity of the website and get an idea about who and where our visitors might be
(without being able to identify any individuals); and

display different variants of the website if we’re testing out new functionalities.

Don’t feel like cookies after all? You may disable the storing of cookies in your browser settings.
Here’s where you’ll find out how to do that on popular browsers (just follow the links):

We store your E-Behavior Details for no longer than 38 months, depending on the technology
involved.

2.2 If You Apply for an Investment…

Please note that we’re not a ‘data controller’ when it comes to the investment applications at https://www.rockawaycapital.com/en/get-investment/, but only a processor. This means that we
don’t determine how your information is handled once you submit the application form. Instead, it is Rockaway Ventures a.s., ID No.: 063 87 136 (“RV”), which acts as controller (instead of us) for the
purpose of the entire investee selection process. Our only task is to transfer the contents of your
investment application to RV securely. Now we’re already here, however, the following is a summary
of why and how RV processes your information once we give it to them:

Personal Data Category

Purpose of Processing

Identification Details

Contact Details

Professional Details

Assessment Details

RV uses this personal data to assess whether or not it or one
of its affiliated companies should invest in your business. In
particular, collecting these details enables it to contact you, talk
to you about your business ideas and determine whether or not
you’ll be the right fit for each other business-wise.

RV may process the aforementioned data relating to you for the purposes described because it’s necessary as a measure towards reaching a binding agreement with you (such as an
investment contract) (Art. 6(1)(b) GDPR).

RV stores your Identification Details, Contact Details and Professional Details until the end of the
investee selection process you choose participate in (whatever the outcome), or, as the case may
be, for as long as you work together. It will erase your Assessment Details after the end of the
investee selection process (whatever the outcome).

RV gets your personal data either from yourself, from persons who know you, or from publicly
available sources such as LinkedIn or company websites.

Personal data used by RV in connection with the investee selection process are accessible to us (in
that we collect them on RV’s behalf), technical and other support services providers (e.g. Google or
Microsoft), persons working at or closely with RV, and other persons who – with your permission –
RV shares your details with for the purposes of potential business cooperation. To the extent any of
the foregoing recipients process your data outside of the European Economic Area, RV ensures that
adequate protection is safeguarded contractually using the model clauses issued by the European
Commission or otherwise.

Please write us at gdpr@rockawaycapital.com should you have any questions about the processing
of your information by RV or wish to exercise any of your rights under the GDPR (see section 5
below) – we will either deal with your query on RV’s behalf or pass it on to RV.

Since a lot of your information is processed in connection with these applications and the recruitment
process to follow, we have designated a whole separate document called “Data ProtectionMemorandum – Candidates” to this group of processing activities. Please see the individual job
ads and the Rockaway Academy internship application page for more.

2.4 If You Send Us an E-mail…

At Rockaway we are always happy to answer any questions or other messages you may have for
us. Accordingly, we invite you to get in touch at various locations on the website. If you decide to
send us an e-mail at info@rockawaycapital.com, press@rockawaycapital.com or any other e-mail
address stated on the website, we’ll process the following categories of personal data relating to you
for the following purposes:

Personal Data Category

Purpose of Processing

Identification Details

Contact Details

Queries

We process this data to be able to answer your e-mail and help you with any request you may have for us.

We are allowed to process the abovementioned personal data categories for the given purposes
because it’s necessary for us to be able to pursue our legitimate interests (Art. 6(1)(f) GDPR). Our
legitimate interests lie in wanting to connect with individuals who are interested in our business and anything else connected with Rockaway, as well as ensuring accurate reporting of our
activities by the press.

As a general rule, we’ll delete our correspondence immediately after we’ve stopped communicating
and there’s no legitimate need for us to keep the correspondence (such as us promising you to get
back to you in the future). In exceptional cases we might also have to hold on to your e-mails if this
is necessary for the protection of our rights (e.g. to be able to use our correspondence as evidence
of something).

3. WHO ELSE HAS ACCESS TO YOUR DATA?

Whenever necessary for the attainment of the processing purposes described in section 2 above,
we might have to share some of your personal data with the following types of recipients:

(a) RV

As explained in section 2.2 above, RV receives and is the controller with respect to all of your
personal data processed in relation to investment applications.

other technical and support services providers (e.g. software providers); and

persons working at or closely with Rockaway.

To the extent any of the foregoing recipients process your data outside of the European Economic
Area, RV ensures that adequate protection is safeguarded contractually using the model clauses
issued by the European Commission or otherwise.

4. WHERE DO WE GET YOUR PERSONAL DATA?

We get most of the personal data concerning you from yourself – e.g. when you send us an e-mail
or fill out any application form on the website. There are exceptions, though: for example, we obtain
your E-Behavior Details using cookies and similar technologies. We never buy your data from
anyone; neither would we ever sell it.

5. WHAT RIGHTS DO YOU HAVE IN RELATION TO YOUR PERSONAL DATA?

As the sole proprietor of your personal data, you have multiple rights which you can use to maintain
or regain full control of them whenever you deem fit:

5.1 Right to Access

You have the right to know all there is to know about how Rockaway processes your personal data
as well as your rights connected with such processing. While this Memo should answer most of your
questions already, you may at any time ask us for confirmation as to whether or not we process
(certain) personal data concerning you – if indeed we do, you are entitled to full information about
such processing activity. The right to access includes the option to request a copy of all personal
data concerning you which we process; we’ll give you the first copy for free and only charge you a
fee for any further copies.

5.2 Right to Correction

We all make mistakes sometimes. Should you ever notice that some of the personal data concerning
you and processed by us are inaccurate or incomplete, you have the right to demand that we correct
or supplement them without undue delay.

5.3 Right to Be Forgotten

In some cases you have the right to demand that we erase your personal data. We are obliged to do
so if:

(a)we no longer actually need the personal data for the purposes for which they were originally
processed;

(b)you have withdrawn you consent with the processing of the data and no other legal basis exists
for such processing;

(c)you have objected to a certain processing activity performed by us based on our legitimate
interests and we conclude that such legitimate interests no longer exist; or, as the case may
be, you have objected to a processing activity used for direct marketing; or

(d)the processing activity in question has been or has become unlawful.

Please beware that your right to erasure isn’t absolute even if one of the conditions above is met –
we may have the right to keep some of your personal data if this is necessary for the fulfilment of our
legal obligations or for the protection of our legal claims.

5.4 Right to Restriction of Processing

In some circumstances you may have the right to demand that we limit the processing of your
personal data (other than erase them altogether). This means that we will have to set your data aside
and stop processing them for the time being, but not forever (that would be where the right to
erasure comes in). We are obligated to restrict processing:

(a)if you dispute the accuracy of the personal data processed, until we can verify the accuracy
and make corrections, if needed;

(b)if our processing of your personal data has been or has become unlawful (e.g. because it is
excessive for the respective purpose) but you don’t want us to erase them (perhaps because
you do need us to have them for later purposes);

(c)if we no longer need the personal data, but you require them to be able to protect your legal
claims; or

(d)if you object to a processing activity, in which case we will suspend the processing while
we investigate the merits of your objection.

5.5 Right to Data Portability

You have the right to obtain all such personal data concerning you and collected or otherwise
processed by us based on your consent. If you invoke this right, we will be obliged to provide you all
such data in a structured, commonly used and machine-readable format (XLS, PDF or similar). Your
data portability right only applies to data which we process automatically.

5.6 Right to Object

You may object to any processing performed based on our legitimate interests. If the processing at
issue is conducted for direct marketing purposes, we’ll stop the processing activity immediately; in
other instances we’ll first investigate the merits of your objection and cancel the processing if we find
that we have no substantial legitimate interests to continue with the processing activity.

5.7 Right to Lodge a Complaint

Regardless of any other rights you might invoke, you may always file a complaint with the competent
supervisory authority. This is especially so if you feel that your personal data are being processed
unlawfully. Should you wish to lodge a complaint against processing performed by Rockaway, the
competent authority would be the Czech Office for Personal Data Protection (Úřad pro ochranu
osobních údajů) located at Pplk. Sochora 27, 170 00 Prague 7, Czech Republic.

6. WHERE AND HOW DO I INVOKE MY RIGHTS?

If you have a question about Rockaway’s data protection policy or your rights under it, wish to
exercise any of your rights under section 5, want to withdraw your consent with the processing
of personal data or simply need to get in touch in a related matter, please e-mail us at gdpr@rockawaycapital.com. Don’t worry about the form of your e-mail or correct terminology – just
make sure you describe what you’d like us to do or stop doing.

We’ll do our best to deal with your query as fast as we can, but in any event within one month. Since
we’re no automated tech-giant, please understand that some of the more complicated queries might
exceptionally take us up to two more months to sort out – but we’ll obviously let you know if this
happens to be the case.

Please note that we may only advise you on your rights within the context of the personal data which
pertains to you and is processed by us; we highly encourage you to seek independent legal advice
on any and all other matters.

7. WHO IS RESPONSIBLE FOR HANDLING YOUR PERSONAL DATA?

Save for the processing described in section 2.2 above, the following organization (the so-called
controller) decides how your personal data should be processed and is responsible for ensuring that
your privacy rights are always respected: